A POWERDOMAIN PRIMER*

Michael  G.  Main 
Department  of  Computer  Science 
University  of  Colorado 
Boulder,  CO  80309  USA 
Phone:  303-492-7579 


1.  Motivation 

The order-theoretic approach to programming semantics uses certain partially-ordered sets,
called domains. Typically, the elements of a domain $D$ are the "machine states" in which a
computation may proceed, and a program is represented by a state-transformation function
$f : D \to D$. The meaning of such a function is this: when the program is started in a state
$x \in D$, then it will end in the state $f(x)$. This "end-state" might be a special element of $D$
which indicates that the program never terminated. This special element is usually considered to
be just another "state" — one that we frequently want to avoid.

Of course, this is not the entire story of order-theoretic semantics: for example, I have not even
mentioned what kind of partial-order a domain possesses, or the reason for the order. But this is
enough of the story to motivate powerdomains. The motivation comes from a problem with the
"typical" situation described above. We assumed that the state-transition relationship was a
function, so that given a start-state $x \in D$, there is a single end-state $f(x) \in D$ which will be
reached by the program. But, some programs are nondeterministic — meaning that a given start-state
does not uniquely determine an end-state. We may also be uncertain about precisely which state a
nondeterministic program starts in.

Powerdomains are the solution to this problem. Intuitively, a powerdomain $P$ is a special kind
of domain whose elements are various "nondeterministic combinations of elements" from another
domain. In this setting, a nondeterministic program represents a function $f : P \to P$. The meaning
of such a function is this: when the program is started in one of the states indicated by the
nondeterministic combination $x \in P$, then it will end in one of the states of $f(x)$. In general,
different notions of powerdomains are based on different intuitions about what constitutes a
"nondeterministic combination of elements".

*This  research  has  been  supported  in  part  by  National  Science  Foundation  grant  DCR-8402341. 
This paper is a tutorial to explain these different intuitions and the resulting powerdomains.
The tutorial begins with a review of domain theory and its use in the order-theoretic semantics of
deterministic programs. This is followed in Section 3 by an introduction to nondeterministic
programs, and their order-theoretic semantics using Gordon Plotkin's powerdomain. Section 4 provides
an algebraic justification for Plotkin's choice of a powerdomain. Alternatives to Plotkin's
powerdomain are explained in Sections 5 through 7, each with a similar algebraic justification. As a
reference, the symbols used in the paper are collected together in the following box.


$b$: a Boolean function.
$e$: an arithmetic function.
$f$ through $h$: domain morphisms.
$i$ through $k$: integers.
$m$ and $n$: natural numbers.
$x$ and $y$: elements of a domain.
$B$: a Boolean expression in your favorite programming language.
$C$: a set of states for a computation.
$D$: a domain.
$E$: an arithmetic expression in your favorite programming language.
$P$ and $Q$: nondeterministic domains.
$R$: a program.
$S$ through $V$: subsets of a domain.
$X$ and $Y$: variable names in a program.
$Z$: the set of integers.
$\bot$: the least element in a domain.
$BASE_D$: the set of BASE elements of a domain $D$.
$C_\bot$: the flat domain whose non-$\bot$ elements are the set $C$.
$[D \to D]$: the set of domain morphisms from $D$ to itself.
$P(D)$: the free powerdomain generated by $D$.
$P_{angel}(D)$: the free angelic powerdomain generated by $D$.
$P_{demon}(D)$: the free demonic powerdomain generated by $D$.
: the upward-closure of a subset $S$ of a domain.
fi: an insertion morphism from a domain to a powerdomain.


Table  of  Symbols 
2. Domains and Deterministic Semantics

In denotational semantics, a program denotes a function $f : D \to D$, where the elements of $D$
represent "machine states" for the computation of the program. One goal of denotational semantics
is to assign such a function to each possible program in a programming language. The method of
making this assignment for recursive or iterative programs is a prominent part of order-theoretic
semantics — which is a particular kind of denotational semantics. This method of order-theoretic
semantics is based on the assumption that $D$ forms a certain kind of partially-ordered set called a
domain. This section of the tutorial explains what domains are, and how they are used in
order-theoretic semantics.

2.1  Domains 

Intuitively, the elements of a domain can be viewed as "partial descriptions" or "approximations"
of objects. A good place to begin is an example domain called $P\omega$. The elements of this
domain are finite and infinite sets of natural numbers. Any set in $P\omega$ can be viewed as an
approximation of its supersets. For example, the set $\{0,2\}$ can be viewed as an approximation of
the infinite set $\{0, 2, 4, \ldots\}$ of even natural numbers.

Of course, there are better and worse approximations to the even numbers. For example, $\{2\}$ is
a worse approximation than $\{0,2\}$, while $\{0,2,8\}$ is somewhat better. The best approximation to
the even numbers is the infinite set $\{0, 2, 4, \ldots\}$ itself. Every domain possesses a partial order
which indicates when one approximation is better than another. The symbol $\sqsubseteq$ indicates this
relationship, so that $\{2\} \sqsubseteq \{0,2\}$ and $\{0,2\} \sqsubseteq \{0,2,8\}$. In $P\omega$ the
relationship $\sqsubseteq$ is completely defined by $x \sqsubseteq y$ if and only if $x$ is a subset of $y$.
In a domain, this relationship is always a partial-order — i.e., a reflexive, transitive and
antisymmetric relation.

In our use of domains we will often see sequences of better-and-better approximations. The
notation $x_0 \sqsubseteq x_1 \sqsubseteq x_2 \cdots$ indicates such a sequence of elements
$x_0, x_1, x_2, \ldots$ with $x_0 \sqsubseteq x_1$ and $x_1 \sqsubseteq x_2$ and so on. Such a sequence
is called a chain. Here's an example chain in $P\omega$:

$$\{0\} \sqsubseteq \{0,2\} \sqsubseteq \{0,2,4\} \sqsubseteq \{0,2,4,6\} \sqsubseteq \cdots$$

This particular chain has the set of even natural numbers as an upper-bound — i.e. for any element
$x_n$ in the chain $x_n \sqsubseteq \{m \mid m \text{ is even}\}$. In fact, the set of even numbers is the
least upper-bound of this chain, since whenever $y$ is another upper bound of this chain, then
$\{m \mid m \text{ is even}\} \sqsubseteq y$. The least upper-bound of a chain
$x_0 \sqsubseteq x_1 \sqsubseteq x_2 \cdots$ is denoted by $\bigsqcup_{n=0}^{\infty} x_n$.

Another important concept in domain theory is the notion of an isolated element of a domain.
Informally, isolated elements are elements which contain only a finite amount of information. In
fact, isolated elements are sometimes called finite elements, but the use of this term can sometimes
cause confusion. Formally, an element $x$ of a domain is isolated provided that whenever
$x \sqsubseteq \bigsqcup_{n=0}^{\infty} x_n$ then there exists some $n$ such that $x \sqsubseteq x_n$.

Exercise 1: Show that every chain in $P\omega$ has a least upper bound. Show that the isolated
elements of $P\omega$ are precisely the finite sets. Show that every element of $P\omega$ is the least
upper-bound of a sequence $x_0 \sqsubseteq x_1 \sqsubseteq x_2 \cdots$, where each $x_n$ is an isolated
element.

With this background, domains can be defined, which is done in Figure 2.1. The domains
defined there are sometimes called $\omega$-algebraic, complete partial orders.


Definition: A domain is a set $D$ with a partial order $\sqsubseteq$ such that:

(1) There is an element $\bot \in D$ such that for all $x \in D$: $\bot \sqsubseteq x$. (This is called
the bottom of $D$.)

(2) Every chain has a least upper-bound.

(3) There is a countable number of isolated elements, and every element of $D$ is the least
upper-bound of a sequence $x_0 \sqsubseteq x_1 \sqsubseteq x_2 \cdots$, where each $x_n$ is an isolated
element.

The set $\{x \in D \mid x \text{ is isolated}\}$ is called the base of $D$, denoted by $BASE_D$. A
partially-ordered set which meets the first two conditions, but perhaps not the third, is called an
$\omega$-CPO (complete partial order).


Figure  2.1  Definition  of  a  Domain 


Examples: The set $N^\infty$ of natural numbers plus an infinity-element is partially-ordered by the
usual $\le$ relation. This is a domain, and infinity is the only non-isolated element. The set
$N^\infty \times N^\infty$ of pairs is partially-ordered by the relation
$(i_1, j_1) \sqsubseteq (i_2, j_2)$ if and only if $i_1 \le i_2$ and $j_1 \le j_2$. This is
also a domain, where $(i, j)$ is isolated only if both $i$ and $j$ are finite. The set of non-negative
rational numbers plus an infinity-element is partially-ordered by the usual $\le$ relation. This is an
$\omega$-CPO, but not a domain (zero is the only isolated element). If $C$ is any countable set, then
the set $C_\bot = C \cup \{\bot\}$ is a domain with the partial-order: $x \sqsubseteq y$ if and only if
$x = \bot$ or $x = y$. This is called a flat domain — an apt name for the picture of $C_\bot$ in
Figure 2.2. Most of the domains used to provide semantics for simple programming languages are flat
domains.


Figure 2.2. A Flat Domain $C_\bot$ where $C = \{x_1, x_2, x_3, \ldots\}$.


2.2  Domain  Morphisms 

In order-theoretic semantics, elements of domains represent different levels of information
about computation states. A program denotes a function $f : D \to D$ on such a domain. But, not just
any sort of function! The functions denoted by programs are domain morphisms, as defined in
Figure 2.3.


Definition: Let $D_1$ and $D_2$ be domains. A function $f : D_1 \to D_2$ is a domain morphism
provided that it meets these conditions:

Monotonicity: Whenever $x \sqsubseteq y$ in $D_1$ then $f(x) \sqsubseteq f(y)$ in $D_2$.

Strictness: $f(\bot) = \bot$.

Continuity: For any chain $x_0 \sqsubseteq x_1 \sqsubseteq x_2 \cdots$ in $D_1$:
$f(\bigsqcup_{n=0}^{\infty} x_n) = \bigsqcup_{n=0}^{\infty} f(x_n)$.

Figure  2.3.  Definition  of  a  Domain  Morphism 


The restriction to domain morphisms reflects our intuition about how programs work. For example,
the monotonicity requirement corresponds to the intuition that better information about an input
state results in better information about an output state.

Some of the mathematics of domains carries over to domain morphisms. For example, the set
of domain morphisms from $D$ to $D$ (written $[D \to D]$) is partially-ordered by the relation
$f \sqsubseteq g$ if and only if for all $x \in D$: $f(x) \sqsubseteq g(x)$. The set $[D \to D]$ is an
$\omega$-CPO, but not always a domain. This means that any chain
$f_0 \sqsubseteq f_1 \sqsubseteq f_2 \cdots$ of domain morphisms has a least upper-bound
$f = \bigsqcup_{n=0}^{\infty} f_n$, defined by $f(x) = \bigsqcup_{n=0}^{\infty} f_n(x)$. In
order-theoretic semantics, this least upper-bound of a chain of domain morphisms is used to define
the function denoted by an iterative or recursive program.

2.3  Semantics  of  a  Toy  Language 

Now that the mathematics of domains and domain morphisms has been established, the ideas
of order-theoretic semantics can be demonstrated on a little language called XY. The programs in
this language compute in a state space of two integer variables named X and Y. The programs may
also enter unending "loops". The domain for these computations is the flat domain
$(Z \times Z)_\bot$ where $Z$ is the set of integers and $\bot$ represents an "unending computation".
A pair $(i, j) \in Z \times Z$ represents a computation state where the variable X has value $i$ and
Y has value $j$. As an example, consider a program which computes the factorial of X and stores it
in Y. This program denotes a function $f : (Z \times Z)_\bot \to (Z \times Z)_\bot$ with
$f(i, j) = (i, i!)$ for any $i > 0$ and any $j$. A program with $f(i, j) = \bot$ means that an input of
$(i, j)$ will result in an unending loop in the computation. All programs have $f(\bot) = \bot$;
intuitively this means that if the program which provided input to $f$ had an unending loop, then
there is no way for $f$ to correct this.

The legal XY-programs are defined recursively on the left side of Figure 2.4. Each time a new
program $R$ is defined, then a function $[\![R]\!] : (Z \times Z)_\bot \to (Z \times Z)_\bot$ is also
defined. This is the function which the program $R$ denotes. The machinery of order-theoretic
semantics comes into effect at only one point: the definition of the function denoted by an iterative
program. Throughout Figure 2.4, $D$ is the flat domain $(Z \times Z)_\bot$.

The XY-language is merely a toy, but its syntax and semantics in Figure 2.4 illustrate the most
important features of order-theoretic semantics for simple languages. The domain for the
computations in such a language is typically a flat domain of the form $C_\bot$, where $C$ is the
state space of the
1. Simple Commands

SYNTAX: SKIP and FAIL are XY-programs. Intuitively, SKIP is a program that does nothing, and FAIL
is a program that always enters an unending loop.

SEMANTICS: $[\![\text{SKIP}]\!] : D \to D$ is the identity function. $[\![\text{FAIL}]\!] : D \to D$
is the constant function which maps everything to $\bot$.

2. Assignment Statements

SYNTAX: Let $E$ be any totally defined integer arithmetic expression with at most two integer
variables X and Y in your favorite programming language. Then these are XY-programs:

    X := E
    Y := E

SEMANTICS: Let $e : Z \times Z \to Z$ be the function which maps a pair $(i, j)$ to the value of the
arithmetic expression $E$ when $X = i$ and $Y = j$. Then $[\![X := E]\!] : D \to D$ maps a pair
$(i, j)$ to $(e(i, j), j)$, and $[\![Y := E]\!] : D \to D$ maps a pair $(i, j)$ to $(i, e(i, j))$. Both
of these functions map $\bot$ to $\bot$.

3. Composition

SYNTAX: Let $R_1, R_2, \ldots, R_k$ be XY-programs. Then this is an XY-program:

    BEGIN R_1; R_2; ... R_k END

SEMANTICS: Let $R$ be the composition program. Then $[\![R]\!] : D \to D$ is the composition function
$[\![R_k]\!] \circ \cdots \circ [\![R_2]\!] \circ [\![R_1]\!]$.

4. Conditional Statement

SYNTAX: Let $R_1$ and $R_2$ be XY-programs, and let $B$ be any totally defined Boolean expression
with at most two integer variables X and Y in your favorite programming language. Then this is an
XY-program:

    IF B THEN R_1 ELSE R_2

SEMANTICS: Let $b : Z \times Z \to \{TRUE, FALSE\}$ be the function which maps a pair $(i, j)$ to the
value of the Boolean expression $B$ when $X = i$ and $Y = j$. If $b(i, j)$ is TRUE then
$[\![\text{IF } B \text{ THEN } R_1 \text{ ELSE } R_2]\!](i, j) = [\![R_1]\!](i, j)$, otherwise
$[\![\text{IF } B \text{ THEN } R_1 \text{ ELSE } R_2]\!](i, j) = [\![R_2]\!](i, j)$.
It always maps $\bot$ to $\bot$.

5. Iterative Statement

SYNTAX: Let $R$ be an XY-program, and let $B$ be any totally defined Boolean expression with at most
two integer variables X and Y in your favorite programming language. Then this is an XY-program:

    WHILE B DO R

SEMANTICS: Let $R_0$ be the program FAIL; for any integer $n > 0$, let $R_n$ be this program:

    IF B THEN BEGIN R; R_{n-1} END
    ELSE SKIP

Then the sequence of functions

$$[\![R_0]\!] \sqsubseteq [\![R_1]\!] \sqsubseteq [\![R_2]\!] \sqsubseteq \cdots$$

is a chain. The function $[\![\text{WHILE } B \text{ DO } R]\!]$ is the least upper-bound of this chain.

Figure 2.4. Syntax and Semantics of the XY-language
computations and $\bot$ is an extra element representing unending computations.

The function denoted by an iterative program is the least upper-bound of a sequence of
better-and-better approximations to the program. In part 5 of Figure 2.4, the programs $R_n$ are these
approximations. Intuitively, the program $R_n$ is the program WHILE B DO R — with a restriction
that the body of the loop cannot be executed more than $n-1$ times. The attempt to execute the
loop's body results in the FAIL program. So, the intuition embodied by the order-theoretic semantics
is this:

    WHILE B DO R  is  $\lim_{n \to \infty}$ [ Execute WHILE B DO R — But FAIL if the loop needs more than $n$ iterations. ]

Exercise 2: Prove that the sequence of functions in part 5 of Figure 2.4 is indeed a chain.

2.4  A  Toy  Program 

It is traditional to provide the semantics of a small language, followed by an application of the
semantics to a small program which calculates the factorial function. I shall not violate this
tradition, so here's the factorial function written in the XY-language (the factorial of $i$ is
written $i!$):

    ************************************************
    Program to calculate the factorial of a number i.

    At the start of the program, the number i must be stored
    in X, and some number j is stored in the variable Y.

    At the end of the program, X will be 0 and Y will
    be i! * j. If i is negative, then the program never
    terminates.
    ************************************************

    WHILE (X ≠ 0) DO BEGIN
        Y := X * Y;
        X := X - 1;
    END

Let $R$ be the portion of the WHILE-loop from the BEGIN to the END. Note that the function
$[\![R]\!] : D \to D$ is defined by $[\![R]\!](i, j) = (i-1, i * j)$ and $[\![R]\!](\bot) = \bot$. We can
use this to calculate the function denoted by the WHILE-statement. This function is the least
upper-bound of a chain of functions $f_0 \sqsubseteq f_1 \sqsubseteq f_2 \cdots$, where $f_0$ is the
constant function which maps everything to $\bot$, and

$$f_n(i, j) = \begin{cases} (i, j) & \text{if } (i = 0) \\ f_{n-1}([\![R]\!](i, j)) & \text{else} \end{cases}$$

What is the least upper-bound of the $f_n$? We will show that it is the strict function
$f : (Z \times Z)_\bot \to (Z \times Z)_\bot$ defined by

$$f(i, j) = \begin{cases} \bot & \text{if } (i < 0) \\ (0, i! * j) & \text{else} \end{cases}$$

First we show that $f$ is an upper-bound of the $f_n$ — i.e. that $f_n \sqsubseteq f$ for any $n$. The
proof is by induction on $n$, with the base step ($f_0 \sqsubseteq f$) being trivial since $f_0$ is the
least function. For the induction step, assume that $f_k \sqsubseteq f$ whenever $k < n$, for some
fixed $n > 0$. We must show that this implies $f_n \sqsubseteq f$. Toward this end, let $i$ and $j$ be
any integers and note the following relations:

If $i = 0$:

$$f_n(i, j) = f_n(0, j) = (0, j) = (0, 0! * j) = f(0, j) = f(i, j)$$

If $i < 0$:

$$f_n(i, j) = f_{n-1}(i-1, i * j) \sqsubseteq f(i-1, i * j) = \bot = f(i, j)$$

If $i > 0$:

$$f_n(i, j) = f_{n-1}([\![R]\!](i, j)) = f_{n-1}(i-1, i * j) \sqsubseteq f(i-1, i * j) = (0, (i-1)! * i * j) = (0, i! * j) = f(i, j)$$

The $\sqsubseteq$ in the second and third lines follow from the induction hypothesis. Thus, we have
shown that for all $n \ge 0$: $f_n \sqsubseteq f$ — so $f$ is an upper-bound of the sequence. To show
that it is the least upper-bound, suppose that $h$ is another upper-bound of the chain. Whenever
$i < 0$ then $f(i, j) = \bot \sqsubseteq h(i, j)$. And whenever $i \ge 0$ then:

$$f(i, j) = (0, i! * j) = f_{i+1}(i, j) \sqsubseteq h(i, j)$$

Therefore, $f \sqsubseteq h$, and $f$ is the least upper-bound of the sequence — hence $f$ is the
function denoted by the WHILE-statement.
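
The chain of approximations used in Sections 2.3 and 2.4 can be computed directly. The following Python sketch is an added example, not part of the original paper: it builds the functions denoted by the approximating programs R_n of the factorial loop from the clauses of Figure 2.4 and checks, on a finite sample of states, that the f_n form a chain bounded by f and that f_{i+1}(i, j) already equals f(i, j). The names `while_approx`, `f_n`, `f_limit` and `SAMPLES` are assumptions of the example.

```python
from math import factorial

BOT = None  # the bottom element of the flat domain (Z x Z)_bot

def strict(g):
    """Extend g on pairs to a strict function on the flat domain."""
    return lambda s: BOT if s is BOT else g(s)

SKIP = strict(lambda s: s)          # identity function
FAIL = lambda s: BOT                # constant bottom

def assign_x(e):
    return strict(lambda s: (e(*s), s[1]))

def assign_y(e):
    return strict(lambda s: (s[0], e(*s)))

def begin(*progs):
    """BEGIN R_1; ...; R_k END denotes the composition, R_1 applied first."""
    def run(s):
        for p in progs:
            s = p(s)
        return s
    return run

def if_then_else(b, r1, r2):
    return strict(lambda s: r1(s) if b(*s) else r2(s))

def while_approx(b, r, n):
    """Function denoted by R_n, where R_0 = FAIL and
    R_n = IF B THEN BEGIN R; R_{n-1} END ELSE SKIP."""
    f = FAIL
    for _ in range(n):
        f = if_then_else(b, begin(r, f), SKIP)
    return f

def leq(x, y):
    """Order of a flat domain: x below y iff x is bottom or x equals y."""
    return x is BOT or x == y

# Body of the factorial loop: Y := X * Y; X := X - 1
BODY = begin(assign_y(lambda x, y: x * y), assign_x(lambda x, y: x - 1))

def f_n(n):
    return while_approx(lambda x, y: x != 0, BODY, n)

def f_limit(s):
    """The function f claimed to be the least upper-bound of the f_n."""
    if s is BOT or s[0] < 0:
        return BOT
    return (0, factorial(s[0]) * s[1])

# Constructed sample of states; the pointwise order is checked only on these.
SAMPLES = [BOT] + [(i, j) for i in range(-2, 6) for j in range(-2, 3)]

def is_chain(max_n):
    return all(leq(f_n(n)(s), f_n(n + 1)(s))
               for n in range(max_n) for s in SAMPLES)

def bounded_by_limit(max_n):
    return all(leq(f_n(n)(s), f_limit(s))
               for n in range(max_n + 1) for s in SAMPLES)

def reaches_limit():
    """f_{i+1}(i, j) = f(i, j) for every sampled state with i >= 0."""
    return all(f_n(s[0] + 1)(s) == f_limit(s)
               for s in SAMPLES if s is not BOT and s[0] >= 0)
```
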


3.  A  Domain  for  Nondeterministic  Programs 

3.1 Nondeterministic XY-programs and their Semantics

Programs in the XY-language are deterministic — meaning that any fixed input yields a unique
output. But there may be other situations where determinism does not hold. A situation which is
potentially nondeterministic is when two or more processes are running in parallel. It may be
impossible to calculate the precise relative speeds of the processes. In this case, different outcomes
may result from different relative speeds of the parallel processes. From a program designer's
standpoint, it may also be desirable to explicitly introduce nondeterminism to a language — since a
designer may be willing to accept any one of several correct outputs. In this case, a designer may
specify several possibilities that he is willing to accept, and allow some considerations beyond his
control to dictate which of these possibilities is actually realized.

In order to study the semantics of nondeterminism in a simple setting, an explicit
nondeterministic construction will be added to the XY-language. Specifically, whenever $R_1$ and
$R_2$ are XY-programs, then ($R_1$ or $R_2$) is a new program which is a nondeterministic choice
between $R_1$ and $R_2$. For example, the program (X := 1 or X := 2) maps a pair $(i, j)$ to one of
two possible places: $(1, j)$ or $(2, j)$. Obviously, such a program is not represented by a function
on the domain $(Z \times Z)_\bot$. Instead, we will create a new domain $P$, whose elements are
various nondeterministic combinations of elements from $(Z \times Z)_\bot$. A nondeterministic
program $R$ denotes a function $\mathbf{[}R\mathbf{]} : P \to P$. (Notice the use of "bold" brackets
$\mathbf{[}R\mathbf{]}$ to distinguish this function from the function $[\![R]\!]$ which a
deterministic program $R$ denotes.)

Elements of $P$ will be collections of states such as $\{(1, 0), (2, 0)\}$, which is an appropriate
output for a program which can finish with $Y = 0$ and either $X = 1$ or $X = 2$. From the direction
of this discussion, you might think that we can take the elements of $P$ to be all possible subsets of
$(Z \times Z)_\bot$ (i.e., $P$ is the powerset of $(Z \times Z)_\bot$). But, this does not work, for at
least two reasons:

(1) From a practical standpoint, there is no easy way to make the powerset of a domain into a
domain itself.

(2) There are subsets of $(Z \times Z)_\bot$ which can never be the output of a nondeterministic
XY-program. Specifically, if a nondeterministic XY-program starts in a state $(i, j)$, and if the
program is guaranteed to terminate regardless of the nondeterministic choices made, then
there are only a finite number of possible output states for the program. This suggests that
we should omit from $P$ any infinite set that does not contain $\bot$. Also, each nondeterministic
XY-program has at least one output state for each input state (although this output may be
$\bot$).

The second point listed above suggests that we define $P$ to be:

$$P = \{ S \subseteq (Z \times Z)_\bot \mid S \text{ is non-empty and finite, or } \bot \in S \}$$

This is a subset of the powerset of $(Z \times Z)_\bot$, and it also forms a domain using a
partial-order first suggested by Egli and Milner. Here's the Egli-Milner order:

$S \sqsubseteq T$ iff
    For all $x \in S$ there exists $y \in T$ such that $x \sqsubseteq y$, and
    For all $y \in T$ there exists $x \in S$ such that $x \sqsubseteq y$.

An equivalent definition of this order is:

$S \sqsubseteq T$ iff
    $S = T$, or
    $\bot \in S$ and $S \subseteq T \cup \{\bot\}$.

Exercise 3: Prove the claim made about nondeterministic XY-programs in (2) above. Show
that the two definitions of $\sqsubseteq$ on $P$ are identical, and that this partial order does make $P$
a domain. Show that the isolated elements of $P$ are the finite subsets.

The domain $P$ was arrived at through the considerations listed above, but it can also be
mathematically justified as being the least-constrained way of making certain subsets of
$(Z \times Z)_\bot$ into a domain. This mathematical justification will also lead to a method for
generating a "domain of nondeterministic values" from any domain. For now, we will postpone this
mathematical
1. Deterministic Programs

SYNTAX: Each deterministic XY-program is also a nondeterministic program.

SEMANTICS: Let $[\![R]\!] : D \to D$ be the domain morphism associated with the deterministic program
$R$. The morphism $\mathbf{[}R\mathbf{]} : P \to P$ for the nondeterministic program is defined by

$$\mathbf{[}R\mathbf{]}(S) = \{ [\![R]\!](x) \mid x \in S \}$$

2. Nondeterministic Statement

SYNTAX: Let $R_1$ and $R_2$ be nondeterministic XY-programs. Then this is a nondeterministic
XY-program:

    (R_1 or R_2)

SEMANTICS: For all $S \in P$: $\mathbf{[}(R_1 \text{ or } R_2)\mathbf{]}(S)$ is
$\mathbf{[}R_1\mathbf{]}(S) \cup \mathbf{[}R_2\mathbf{]}(S)$.

3. Composition

SYNTAX: Let $R_1, R_2, \ldots, R_k$ be nondeterministic XY-programs. Then this is a nondeterministic
XY-program:

    BEGIN R_1; R_2; ... R_k END

SEMANTICS: Let $R$ be the composition program. Then $\mathbf{[}R\mathbf{]} : D \to D$ is the
composition function
$\mathbf{[}R_k\mathbf{]} \circ \cdots \circ \mathbf{[}R_2\mathbf{]} \circ \mathbf{[}R_1\mathbf{]}$.

4. Conditional Statement

SYNTAX: Let $R_1$ and $R_2$ be nondeterministic XY-programs, and let $B$ be any totally defined
Boolean expression with at most two integer variables X and Y in your favorite programming
language. Then this is a nondeterministic XY-program:

    IF B THEN R_1 ELSE R_2

SEMANTICS: Let $g : D \to P$ be the unique strict function such that if $B$ is true at $(i, j)$ then
$g(i, j) = \mathbf{[}R_1\mathbf{]}(\{(i, j)\})$, and otherwise
$g(i, j) = \mathbf{[}R_2\mathbf{]}(\{(i, j)\})$. Then
$\mathbf{[}\text{IF } B \text{ THEN } R_1 \text{ ELSE } R_2\mathbf{]}(S)$ is
$\bigcup \{ g(x) \mid x \in S \}$.

5. Iterative Statement

SYNTAX: Let $R$ be a nondeterministic XY-program, and let $B$ be any totally defined Boolean
expression with at most two integer variables X and Y in your favorite programming language. Then
this is a nondeterministic XY-program:

    WHILE B DO R

SEMANTICS: Let $R_0$ be the program FAIL; for any integer $n > 0$, let $R_n$ be this program:

    IF B THEN BEGIN R; R_{n-1} END
    ELSE SKIP

Then the sequence of functions

$$\mathbf{[}R_0\mathbf{]} \sqsubseteq \mathbf{[}R_1\mathbf{]} \sqsubseteq \mathbf{[}R_2\mathbf{]} \sqsubseteq \cdots$$

is a chain. The function $\mathbf{[}\text{WHILE } B \text{ DO } R\mathbf{]}$ is the least upper-bound
of this chain.

Figure 3.1. Syntax and Semantics of the Nondeterministic XY-language
framework, and concentrate instead on how $P$ (our powerdomain!) can be used to give the
semantics of nondeterministic XY-programs. This is done in Figure 3.1, which defines a domain
morphism $\mathbf{[}R\mathbf{]} : P \to P$ for each nondeterministic XY-program $R$.


3.2  A  Toy  Nondeterministic  Program 

For any nondeterministic XY-program $R$ and element $S \in P$, the following equation holds:

$$\mathbf{[}R\mathbf{]}(S) = \bigcup_{x \in S} \mathbf{[}R\mathbf{]}(\{x\})$$

In other words, the functions denoted by XY-programs are additive. The proof of this is an
induction on the structure of the program $R$. This property is useful because it means that the
behavior of a program $R$ is completely determined by its behavior on deterministic (or singleton)
inputs. Section 4 will further explore this property and its consequences. For now, we will simply
use this property in examining the semantics of this nondeterministic XY-program:

    WHILE (X ≠ 0) DO (X := X - 1 or Y := Y + 1)

Let $R$ be the nondeterministic statement in the body of the WHILE-loop. For a deterministic
input $(i, j)$, the function $\mathbf{[}R\mathbf{]}$ is defined by
$\mathbf{[}R\mathbf{]}(\{(i, j)\}) = \{(i-1, j), (i, j+1)\}$. The function denoted by the WHILE-loop
itself is the least upper-bound of a chain of functions $f_0 \sqsubseteq f_1 \sqsubseteq f_2 \cdots$,
where $f_0$ is the constant function which maps everything to $\{\bot\}$, and for $n > 0$,
$f_n : P \to P$ is the additive domain morphism whose behavior on singleton sets is:

$$f_n(\{(i, j)\}) = \begin{cases} \{(i, j)\} & \text{if } (i = 0) \\ f_{n-1}(\mathbf{[}R\mathbf{]}(\{(i, j)\})) & \text{else} \end{cases}$$

What is the function denoted by the entire loop? It is the strict additive function $f : P \to P$
defined by

$$f(\{(i, j)\}) = \begin{cases} \{\bot\} & \text{if } (i < 0) \\ \{(i, j)\} & \text{else if } (i = 0) \\ \{\bot\} \cup \{(0, k) \mid k \ge j\} & \text{else} \end{cases}$$

The proof that this function is an upper-bound of the $f_n$ is by induction on $n$ — much as in
Section 2.4 for the deterministic program. The proof that this is in fact the least upper-bound is
also straight-forward. The moral of the story is that all of the techniques that you are familiar
with from deterministic order-theoretic semantics carry over to the nondeterministic programs with
little change.

Exercise 4: Complete the proof that the function denoted by the WHILE-loop is the function
defined above.
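
The Egli-Milner order of Section 3.1 and the chain of this section can be checked mechanically. The following Python sketch is an added example, not part of the original paper: it compares the two definitions of the order exhaustively on a small constructed carrier, builds the f_n for the loop WHILE (X ≠ 0) DO (X := X - 1 or Y := Y + 1) from the clauses of Figure 3.1, and tests each f_n against the claimed limit, which is infinite and is therefore represented by a membership predicate. The names `em_leq`, `em_leq_flat`, `f_n`, `in_limit` and `below_limit` are assumptions of the example.

```python
from itertools import combinations

BOT = None  # the bottom element of the flat domain (Z x Z)_bot

def flat_leq(x, y):
    return x is BOT or x == y

def em_leq(S, T):
    """Egli-Milner order, first definition (both quantified clauses)."""
    return (all(any(flat_leq(x, y) for y in T) for x in S) and
            all(any(flat_leq(x, y) for x in S) for y in T))

def em_leq_flat(S, T):
    """Equivalent definition: S = T, or bottom in S and S within T + {bottom}."""
    return S == T or (BOT in S and S <= (T | {BOT}))

def orders_agree(carrier):
    """Compare both definitions on every pair of non-empty subsets."""
    subsets = [frozenset(c) for r in range(1, len(carrier) + 1)
               for c in combinations(carrier, r)]
    return all(em_leq(S, T) == em_leq_flat(S, T)
               for S in subsets for T in subsets)

def lift(det):
    """Clause 1: apply a strict deterministic step to every element of S."""
    return lambda S: frozenset(BOT if x is BOT else det(*x) for x in S)

def choice(r1, r2):
    """Clause 2: (R_1 or R_2) denotes the union of both outcomes."""
    return lambda S: r1(S) | r2(S)

def begin(r1, r2):
    return lambda S: r2(r1(S))

def if_then_else(b, r1, r2):
    """Clause 4: union of g(x) over x in S, with g strict."""
    def g(x):
        if x is BOT:
            return frozenset({BOT})
        return (r1 if b(*x) else r2)(frozenset({x}))
    return lambda S: frozenset().union(*(g(x) for x in S))

SKIP = lambda S: frozenset(S)
FAIL = lambda S: frozenset({BOT})

def while_approx(b, r, n):
    f = FAIL
    for _ in range(n):
        f = if_then_else(b, begin(r, f), SKIP)
    return f

# Loop body: (X := X - 1 or Y := Y + 1)
BODY = choice(lift(lambda x, y: (x - 1, y)), lift(lambda x, y: (x, y + 1)))

def f_n(n):
    return while_approx(lambda x, y: x != 0, BODY, n)

def in_limit(i, j, y):
    """Membership of y in the claimed limit f({(i, j)})."""
    if i < 0:
        return y is BOT
    if i == 0:
        return y == (0, j)
    return y is BOT or (y[0] == 0 and y[1] >= j)

def below_limit(S, i, j):
    """S below f({(i, j)}) in the Egli-Milner order (equivalent definition)."""
    inside = all(in_limit(i, j, y) for y in S - {BOT})
    if BOT in S:
        return inside              # S is within the limit plus bottom
    return inside and i == 0       # equality; possible only for {(0, j)}

def is_chain(i, j, max_n):
    S = frozenset({(i, j)})
    return all(em_leq(f_n(n)(S), f_n(n + 1)(S)) for n in range(max_n))

def is_additive(n, S, T):
    f = f_n(n)
    return f(S | T) == f(S) | f(T)
```

Because each f_n is evaluated by unfolding both branches of the choice, the running time doubles with n; the checks stay small for n up to about 10.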


4.  Powerdomains 

Section 3 gave a first example of a powerdomain, $P$, which was used to provide semantics for
the nondeterministic XY-language. This section defines powerdomains in more generality, and
gives a mathematical justification for using the particular powerdomain $P$ for the XY-language.

4.1 Nondeterministic Domains

In order to provide semantics for the nondeterministic XY-language, we needed a binary
operation on the domain $P$ which corresponded to the or operation on XY-programs. This binary
operation was the union of two sets in $P$. Intuitively, an element $S \cup T \in P$ is a
nondeterministic choice between $S$ and $T$. This view of $P$ suggests that one important thing about
a powerdomain is that it is equipped with a binary operation that we can use in this way. We
generally impose some constraints on the binary operation, to match our intuition about
nondeterministic choice. This leads to the definition of a nondeterministic domain in Figure 4.1.
Definition: A nondeterministic domain (or ND-domain) is a domain $P$ together with a binary
operation $\text{or} : P \times P \to P$, such that for all elements $x, y, z \in P$ and all chains
$x_0, x_1, \ldots$ in $P$:

Associativity: $((x \text{ or } y) \text{ or } z) = (x \text{ or } (y \text{ or } z))$.

Commutativity: $(x \text{ or } y) = (y \text{ or } x)$.

Idempotence: $(x \text{ or } x) = x$.

Continuity: $(\bigsqcup_{n=0}^{\infty} x_n) \text{ or } y = \bigsqcup_{n=0}^{\infty} (x_n \text{ or } y)$.

These ND-domains have also been called semilattice-domains.


Figure 4.1. Definition of a Nondeterministic-domain


Exercise 5: Show that the domain $P$ from the last section is an ND-domain with the binary
operation $\cup$. (That is, show that $\cup$ meets the four properties stated in the definition.)


4.2  ND-domain  Morphisms 

A nondeterministic program will be denoted by a morphism $f : P \to P$, where $P$ is an ND-domain
that is equipped with a binary operation or. Such a program should also preserve the or-structure
of the ND-domain, so that $f(x \text{ or } y) = f(x) \text{ or } f(y)$. The or-preservation means that
"running a program on a choice of several inputs is the same as running the program on several
inputs and choosing between the outputs". Such a function is called an ND-domain morphism (see
Figure 4.2).


Definition: Let $P_1$ and $P_2$ be ND-domains. A domain morphism $f : P_1 \to P_2$ is an ND-domain
morphism provided that it meets this condition:

or-Preserving: For all elements $x$ and $y$ in $P_1$: $f(x \text{ or } y) = f(x) \text{ or } f(y)$.


Figure 4.2. Definition of an ND-domain Morphism


Preservation of the or-structure is the most common intuition for nondeterministic programs,
although some research of Hennessy and Ashcroft has considered other ideas.

4.3  Free  Generation  of  Powerdomains

Typically, powerdomains arise when we want to add nondeterministic features to a programming
language whose deterministic semantics is already specified over some ordinary domain $D$
(such as the deterministic XY-language over the domain $(\mathbb{Z} \times \mathbb{Z})_\bot$). In this case we want to embed
the deterministic domain $D$ into an ND-domain — in other words, we are looking for an ND-domain
$P(D)$, together with a domain morphism $\eta : D \to P(D)$. In order to make $P(D)$ free from
unintended constraints, the embedding morphism $\eta$ should be universal. This means that any other
possible embedding of $D$ into an ND-domain can be obtained by factoring through $\eta$ in a unique
way. The universality requirement is formally stated as follows: if $Q$ is any ND-domain and
$g : D \to Q$ is any domain morphism, then there is a unique ND-domain morphism $\hat{g} : P(D) \to Q$
such that for any $x \in D$: $\hat{g}(\eta(x)) = g(x)$, as in the following diagram:


The ND-domain $P(D)$ is called the free powerdomain generated by $D$ with insertion $\eta$. To be more
precise, we should probably call $P(D)$ a free powerdomain generated by $D$ with insertion $\eta$, rather
than the free powerdomain. But, it is easy to show that $P(D)$ and $\eta$ are unique "up to isomorphism",
so that any other powerdomain freely generated by $D$ is identical to $P(D)$ except perhaps for renaming.
Therefore, we usually say the free powerdomain.

Now we can justify the domain $P$ that we used in Section 3 for the semantics of nondeterministic
XY-programs. Recall that this domain consists of all non-empty, finite subsets of $(\mathbb{Z} \times \mathbb{Z})_\bot$, plus
infinite subsets which contain $\bot$. The order on $P$ is the Egli-Milner order. Here is the result about
the freeness of $P$:

Theorem 4.1. Let $P$ be the powerdomain used in Section 3, with set-union as the or-operation. Let
$\eta : (\mathbb{Z} \times \mathbb{Z})_\bot \to P$ be the domain morphism that maps each element $x$ to the singleton set $\{x\}$. Then $P$
is the free powerdomain generated by $(\mathbb{Z} \times \mathbb{Z})_\bot$ with insertion $\eta$.

Proof: To show the universality of $\eta$, let $Q$ be any ND-domain and let $g : (\mathbb{Z} \times \mathbb{Z})_\bot \to Q$ be a domain
morphism. We must demonstrate a unique ND-domain morphism $\hat{g} : P \to Q$ with $\hat{g} \circ \eta = g$.

Now, let $T$ be an arbitrary set in $P$. Since $P$ is a domain whose isolated elements are the finite
subsets of $(\mathbb{Z} \times \mathbb{Z})_\bot$, it follows that $T$ is the least upper-bound of a chain $S_0 \sqsubseteq S_1 \sqsubseteq S_2 \sqsubseteq \cdots$ of finite
sets. Since each $S_n$ is finite, these sets can be expressed as $S_n = \{x_{n,1}, x_{n,2}, \ldots, x_{n,k_n}\}$ for some
integers $k_n$. Thus, $T$ is

$$\bigsqcup_{n=0}^{\infty} (\{x_{n,1}\} \text{ or } \cdots \text{ or } \{x_{n,k_n}\}).$$

Define $\hat{g}(T)$ to be

$$\bigsqcup_{n=0}^{\infty} (g(x_{n,1}) \text{ or } \cdots \text{ or } g(x_{n,k_n})).$$

It is easy to show that this is the unique ND-domain morphism with $\hat{g} \circ \eta = g$. □

Exercise 6: Let $C_\bot$ be any flat domain. Show that $P(C_\bot)$ consists of all non-empty finite
subsets of $C_\bot$, plus any countably infinite subsets that contain $\bot$. The order is the Egli-Milner order
and the or-operation is set-union.


5.  Demonic  and  Angelic  Powerdomains 

This  section  provides  two  alternatives  to  the  freely  generated  powerdomain.  Each  of  these 
alternative  powerdomains  has  a  universal  property  of  its  own.  These  universal  properties  make  it 
easy  to  provide  semantics  for  nondeterministic  languages  using  any  of  the  powerdomains. 

5.1  Demons  and  Angels 

When a nondeterministic XY-program is run on some input, the result is a set of possible outputs
$S \in P((\mathbb{Z} \times \mathbb{Z})_\bot)$. Suppose I am not interested in these sets themselves — but instead I only want
to ask certain kinds of questions about these sets. For example, let
$b : (\mathbb{Z} \times \mathbb{Z})_\bot \to \{\mathrm{TRUE}, \mathrm{FALSE}\}_\bot$
be a domain morphism. If we are interested in the correctness of a program, then we would ask
questions like these:

Is $b(y)$ TRUE for every $y \in S$?

Is $b(y)$ TRUE for any $y \in S$?

The first question would be asked to guarantee that $b$ will be TRUE for the output of a program,
regardless of any nondeterministic choices that may occur during the execution. Just one state $y \in S$
where $b(y)$ is not TRUE will cause this question to be answered negatively. The policy of asking
this kind of question has been called the demonic approach to nondeterminism, because it assumes
that there is some malicious demon controlling the nondeterminism. If there is but one nondeterministic
choice that I don't want, then the demon will find this choice and the program will fail.
Therefore, if I want $b$ to be TRUE of my program's output, then I must ask whether $b$ is TRUE for
every possible output.

The second question would be asked to determine whether there's any possibility that $b$ will be
TRUE for the output of my program. The policy of asking this kind of question has been called the
angelic approach to nondeterminism, because it assumes that there is some benevolent angel controlling
the nondeterminism. If there is but one nondeterministic choice that I want, then the angel
will find this choice and the program will succeed. Therefore, if I want $b$ to be TRUE of my
program's output, then I need only ask whether $b$ is TRUE for any possible output.

If a semantics will only be used to answer demonic questions, then the powerdomain
$P((\mathbb{Z} \times \mathbb{Z})_\bot)$ can be simplified. Similarly, the powerdomain is simplified for angelic questions.
These two simplifications provide two alternative ND-domains for nondeterministic XY-programs:
$P_{demon}$ and $P_{angel}$. These two ND-domains are defined in the two columns below.

$P_{demon}$

Consider a set $S$ of possible outcomes, with $\bot \in S$. The answer to a demonic question
about $S$ is always "no" (because $b(\bot) = \bot$). Therefore it does no harm to add other elements
to $S$ — adding these elements won't change the "no" answer to demonic questions. In fact, I
may as well add every possible state to $S$, making it the complete set $(\mathbb{Z} \times \mathbb{Z})_\bot$. This set is also
called chaos, since it is the most nondeterministic set possible. Hence, if $\bot$ is a possible outcome
of a program with input $x$, then (in the demonic semantics) we say that the program
maps $x$ to chaos — and this does not change the answer to demonic questions.

With this in mind $P_{demon}$ can be formed from the sets of $P((\mathbb{Z} \times \mathbb{Z})_\bot)$ by changing any set
with $\bot$ to chaos. Hence, the elements of $P_{demon}$ are all the nonempty, finite subsets of
$(\mathbb{Z} \times \mathbb{Z})_\bot$, plus one more set: chaos. The partial order is defined so that higher elements have
more "yes" answers to demonic questions. Formally, $S \sqsubseteq T$ if and only if $S \supseteq T$, and or is
set-union. The least element is chaos, and the least upper-bound operation is intersection of
countably many sets.

$P_{angel}$

Consider a set $S$ of possible outcomes, with $\bot \notin S$. The answer to an angelic question
about $S$ is always the same as the answer to the same question about $S \cup \{\bot\}$ (because
$b(\bot) = \bot$). Therefore it does no harm to add $\bot$ to $S$ — adding $\bot$ won't change the answer to
any angelic question.

With this in mind $P_{angel}$ can be formed from the sets of $P((\mathbb{Z} \times \mathbb{Z})_\bot)$ by adding $\bot$ to
every set. Hence, the elements of $P_{angel}$ are all the subsets of $(\mathbb{Z} \times \mathbb{Z})_\bot$ which contain $\bot$.
The partial order is defined so that higher elements have more "yes" answers to angelic questions.
Formally, $S \sqsubseteq T$ if and only if $S \subseteq T$, and or is set-union. The least element is $\{\bot\}$,
and the least upper-bound operation is union of countably many sets.


These ND-domains can be used to provide a semantics for nondeterministic XY-programs,
which will be adequate if we are only interested in program properties that can be answered with
demonic or angelic questions. But before this is shown I want to discuss some universal properties
that these domains possess.
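The two simplifications of Section 5.1 can be checked exhaustively on a small flat domain. The following Python is an added example, not taken from the paper: the three sample states, the table representation of $b$, and every function name are assumptions made for the illustration.

```python
from itertools import combinations, product

BOT = "bot"                           # bottom of the flat domain (non-termination)
STATES = [(0, 0), (0, 1), (1, 0)]     # constructed sample of proper states
FLAT = STATES + [BOT]
CHAOS = frozenset(FLAT)               # the complete set of states


def nonempty_subsets(xs):
    return [frozenset(c) for r in range(1, len(xs) + 1)
            for c in combinations(xs, r)]


# Over a finite flat domain every non-empty subset is an element of P.
P = nonempty_subsets(FLAT)


def strict_predicates():
    """Every strict map b from the flat domain to {TRUE, FALSE, BOT}."""
    tables = []
    for values in product([True, False, BOT], repeat=len(STATES)):
        table = dict(zip(STATES, values))
        table[BOT] = BOT              # strictness: b(BOT) = BOT
        tables.append(table)
    return tables


def demonic(b, s):
    """Is b(y) TRUE for every y in s?"""
    return all(b[y] is True for y in s)


def angelic(b, s):
    """Is b(y) TRUE for any y in s?"""
    return any(b[y] is True for y in s)


def to_demon(s):
    """Change any set with BOT to chaos."""
    return CHAOS if BOT in s else s


def to_angel(s):
    """Add BOT to every set."""
    return s | {BOT}


P_DEMON = {to_demon(s) for s in P}
P_ANGEL = {to_angel(s) for s in P}


def answers_preserved():
    """Simplifying a set never changes a demonic or an angelic answer."""
    return all(demonic(b, s) == demonic(b, to_demon(s)) and
               angelic(b, s) == angelic(b, to_angel(s))
               for b in strict_predicates() for s in P)


def higher_means_more_yes():
    """If S is below T, every 'yes' answer for S is also a 'yes' for T."""
    preds = strict_predicates()
    demon_ok = all(demonic(b, t) for b in preds for s in P_DEMON
                   for t in P_DEMON if s >= t and demonic(b, s))
    angel_ok = all(angelic(b, t) for b in preds for s in P_ANGEL
                   for t in P_ANGEL if s <= t and angelic(b, s))
    return demon_ok and angel_ok


def identified_pairs(simplify):
    """Number of pairs of distinct sets of P that a simplification merges."""
    return sum(1 for s, t in combinations(P, 2) if simplify(s) == simplify(t))


if __name__ == "__main__":
    print(len(P), len(P_DEMON), len(P_ANGEL))
    print(answers_preserved(), higher_means_more_yes())
    print(identified_pairs(to_demon), identified_pairs(to_angel))
```

The pair counts show what each simplification forgets: the demonic one merges all sets that contain the bottom element, the angelic one merges each set with the same set plus bottom.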


5.2  Free  Generation  of  Demonic  and  Angelic  Powerdomains 

The partial order on $P_{demon}$ is such that a higher position in the order corresponds to more
"yes" answers to demonic questions, while $P_{angel}$ has the same property for angelic questions.
These correspondences translate to properties about the or-operation, namely: $(x \text{ or } y \sqsubseteq x)$
always holds in $P_{demon}$, and $(x \sqsubseteq x \text{ or } y)$ always holds in $P_{angel}$. We use the term demonic
ND-domain for any ND-domain with this first property $(x \text{ or } y \sqsubseteq x)$, and angelic ND-domain for
any ND-domain with the second property $(x \sqsubseteq x \text{ or } y)$. When we are wanting answers to demonic
questions we need a demonic ND-domain, and similarly for angelic questions.

Now, suppose I want to give a demonic nondeterministic semantics for a language whose
deterministic semantics is already specified over some domain $D$. In this case, I must search for a
demonic ND-domain $P_{demon}(D)$, together with a domain morphism $\eta : D \to P_{demon}(D)$. As in
Section 4.3, I want $P_{demon}(D)$ to be free from any unintended constraints. This is achieved by
requiring the embedding $\eta$ to be universal with respect to other possible embeddings of $D$ into
demonic ND-domains. This is formally described in the left-hand column below, and the same
ideas are defined for angelic ND-domains on the right.


Free Demonic Powerdomain

Let $D$ be any domain. The free demonic powerdomain generated by $D$ is a demonic
ND-domain $P_{demon}(D)$ together with a domain morphism $\eta : D \to P_{demon}(D)$ (called
the insertion). The insertion $\eta$ is universal, so that if $Q$ is any demonic ND-domain and
$g : D \to Q$ is any domain morphism, then there is a unique ND-domain morphism
$\hat{g} : P_{demon}(D) \to Q$ such that

$\hat{g}(\eta(x)) = g(x)$ for any $x \in D$.


Free Angelic Powerdomain

Let $D$ be any domain. The free angelic powerdomain generated by $D$ is an angelic
ND-domain $P_{angel}(D)$ together with a domain morphism $\eta : D \to P_{angel}(D)$ (called
the insertion). The insertion $\eta$ is universal, so that if $Q$ is any angelic ND-domain and
$g : D \to Q$ is any domain morphism, then there is a unique ND-domain morphism
$\hat{g} : P_{angel}(D) \to Q$ such that

$\hat{g}(\eta(x)) = g(x)$ for any $x \in D$.


Exercise 7: Let $C_\bot$ be any flat domain. Show that $P_{demon}(C_\bot)$ consists of the non-empty
finite subsets of $C$ plus chaos (all of $C_\bot$), with the insertion mapping $\bot$ to chaos, and each other
element is mapped to the corresponding singleton. The order is the superset order ($S \sqsubseteq T$ if and
only if $S \supseteq T$) and the or-operation is set-union. Hence, $P_{demon}$ (from Section 5.1) is the free
demonic powerdomain generated by $(\mathbb{Z} \times \mathbb{Z})_\bot$.

Exercise 8: Let $C_\bot$ be any flat domain. Show that $P_{angel}(C_\bot)$ consists of the countable subsets
of $C_\bot$ which contain $\bot$. The insertion maps each element $x$ to $\{x, \bot\}$. The order is the subset
order and the or-operation is set-union. Hence, $P_{angel}$ (from Section 5.1) is the free angelic
powerdomain generated by $(\mathbb{Z} \times \mathbb{Z})_\bot$.


6.  Semantics  via  Free  Powerdomains 

A flat domain $D_\bot$ generates three powerdomains:

$P(D)$ — the freely generated powerdomain,

$P_{demon}(D)$ — the freely generated demonic powerdomain,

$P_{angel}(D)$ — the freely generated angelic powerdomain.

There is an insertion from $D$ to each of these domains, with a certain universal property. When this
kind of property exists, we can usually give the semantics of a nondeterministic language simply by
using the universal property. We don't even need to know what the powerdomain looks like. That's
what we'll do in this section for the nondeterministic XY-language.

To start things off, let $P$ be any of the three powerdomains $P((\mathbb{Z} \times \mathbb{Z})_\bot)$ or $P_{demon}((\mathbb{Z} \times \mathbb{Z})_\bot)$ or
$P_{angel}((\mathbb{Z} \times \mathbb{Z})_\bot)$. Let $\eta : D \to P$ be the corresponding universal insertion. For each nondeterministic
XY-program $R$, we will give the ND-domain morphism $[R] : P \to P$ denoted by $R$.

Deterministic Programs: Each deterministic XY-program $R$ is also a nondeterministic program.
Suppose $[\![R]\!] : D \to D$ is the deterministic domain morphism associated with a program $R$.
Notice that the composition function $\eta \circ [\![R]\!]$ maps $D$ to $P$. The ND-domain morphism $[R] : P \to P$
is the unique ND-domain morphism such that $[R] \circ \eta = \eta \circ [\![R]\!]$:




This unique morphism exists because $\eta$ is universal. Intuitively, $[R] : P \to P$ is the unique
powerdomain morphism whose value at a "singleton" $\{x\}$ is $[\![R]\!](x)$.

Exercise 9: Prove that $[FAIL] : P \to P$ maps every element of $P$ to $\bot$, and that $[SKIP]$ is the
identity on $P$.

Nondeterministic Choice: Let $R_1$ and $R_2$ be nondeterministic XY-programs. Then ($R_1$ or $R_2$) is
a new nondeterministic XY-program. The ND-domain morphism $[(R_1 \text{ or } R_2)] : P \to P$ maps an
element $S \in P$ to $[R_1](S) \text{ or } [R_2](S)$.

Composition: Let $R_1, R_2, \ldots, R_k$ be nondeterministic XY-programs. Then

BEGIN $R_1$; $R_2$; $\ldots$; $R_k$ END

is a nondeterministic XY-program whose ND-domain morphism is the composition

$[R_k] \circ \cdots \circ [R_2] \circ [R_1] : P \to P$


Conditional Statements: Let $R_1$ and $R_2$ be XY-programs and let $B$ be any Boolean expression
in the XY-language. Then this is a nondeterministic XY-program:

IF $B$ THEN $R_1$ ELSE $R_2$

To define the semantics of the conditional, let $b : (\mathbb{Z} \times \mathbb{Z}) \to \{\mathrm{TRUE}, \mathrm{FALSE}\}$ be the function which
corresponds to the Boolean expression $B$. Next, define a domain morphism $g : D \to P$ by this:

$$g(x) = \begin{cases} \bot & \text{if } x = \bot \\ [R_1](\eta(x)) & \text{else if } b(x) \text{ is TRUE} \\ [R_2](\eta(x)) & \text{else} \end{cases}$$

The function $[\text{IF } B \text{ THEN } R_1 \text{ ELSE } R_2] : P \to P$ is the unique ND-domain morphism such that
$[\text{IF } B \text{ THEN } R_1 \text{ ELSE } R_2] \circ \eta = g$, as shown here:


Exercise 10: Prove that each of the functions defined on $P$ in the above paragraphs is an
ND-domain morphism.

Iterative Statements: Let $R$ be a nondeterministic XY-program, and let $B$ be a Boolean expression
in the XY-language. Then this is a nondeterministic XY-program:

WHILE $B$ DO $R$

The ND-domain morphism $[\text{WHILE } B \text{ DO } R]$ is defined as a least upper-bound of a sequence, just
as we did in the other examples of semantics. Namely, $R_0$ is the XY-program FAIL, and for any
integer $n > 0$, $R_n$ is the XY-program:

IF $B$ THEN BEGIN $R$; $R_{n-1}$ END
ELSE SKIP

The meaning of the iterative XY-program is the least upper-bound of the chain

$[R_0] \sqsubseteq [R_1] \sqsubseteq \cdots$

Exercise  11:  Justify  the  following  statement:  In  order  to  use  a  powerdomain,  it  is  generally 
enough  to  know  that  the  powerdomain  is  freely  generated  by  a  fixed  domain  D . 
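
The clauses of Section 6 can be run as written, using only the insertion, the or-operation and the extension given by the universal property. The Python below is an added example, not code from the paper. Its assumptions: states are integer pairs, each program is a Python closure on outcome sets, chaos is a symbolic token, and the two sample loops (`countdown`, `stutter`) and all other names are constructed here.

```python
from functools import reduce

BOT = "bot"       # the non-terminating state
CHAOS = "chaos"   # symbolic name for the complete set of states


class Powerdomain:
    """A powerdomain over the flat domain of states, used only through
    its insertion eta, its or-operation and its universal property."""

    def __init__(self, kind):                  # "free", "demon" or "angel"
        self.kind = kind

    def eta(self, x):
        if self.kind == "demon":
            return CHAOS if x == BOT else frozenset([x])
        if self.kind == "angel":
            return frozenset([x, BOT])
        return frozenset([x])

    def union(self, s, t):                     # the or-operation
        return CHAOS if CHAOS in (s, t) else s | t

    def extend(self, g):
        """The ND-domain morphism g_hat : P -> P with g_hat(eta(x)) = g(x)."""
        def g_hat(s):
            if s == CHAOS:                     # least element of P_demon
                return CHAOS
            return reduce(self.union, [g(x) for x in s])
        return g_hat


def det(pd, f):
    """[R] for a deterministic R whose map on proper states is f."""
    return pd.extend(lambda x: pd.eta(BOT if x == BOT else f(x)))


def choice(pd, r1, r2):
    return lambda s: pd.union(r1(s), r2(s))


def seq(*rs):
    def run(s):
        for r in rs:
            s = r(s)
        return s
    return run


def cond(pd, b, r1, r2):
    def g(x):
        if x == BOT:
            return pd.eta(BOT)                 # least element of P
        return r1(pd.eta(x)) if b(x) else r2(pd.eta(x))
    return pd.extend(g)


def while_n(pd, b, r, n):
    """[R_n], the n-th element of the chain whose lub is [WHILE B DO R]."""
    skip = det(pd, lambda x: x)
    approx = det(pd, lambda x: BOT)            # R_0 is FAIL
    for _ in range(n):
        approx = cond(pd, b, seq(r, approx), skip)
    return approx


def dec_x(st): return (st[0] - 1, st[1])
def inc_y(st): return (st[0], st[1] + 1)
def x_positive(st): return st[0] > 0


def countdown(pd, n):
    """While X > 0: decrement X, or decrement X and then increment Y."""
    body = choice(pd, det(pd, dec_x), seq(det(pd, dec_x), det(pd, inc_y)))
    return while_n(pd, x_positive, body, n)


def stutter(pd, n):
    """While X > 0: decrement X, or SKIP (so one branch can loop forever)."""
    body = choice(pd, det(pd, dec_x), det(pd, lambda st: st))
    return while_n(pd, x_positive, body, n)


def outcomes(program, kind, start, n=6):
    pd = Powerdomain(kind)
    return program(pd, n)(pd.eta(start))


if __name__ == "__main__":
    for kind in ("free", "demon", "angel"):
        print(kind, outcomes(countdown, kind, (2, 0)), outcomes(stutter, kind, (1, 0)))
```

`while_n` returns one element of the chain, not its least upper-bound; for the two sample loops the value at the given start state no longer changes once $n$ exceeds the starting value of X.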


7.  A  Free  Powerdomain  Construction 

So far, we have used powerdomains to define the semantics of nondeterministic programming
languages. These examples used powerdomains of the form $P(D)$, $P_{demon}(D)$ or $P_{angel}(D)$,
where $D$ was a flat domain. What if $D$ is a more complicated domain? Are there always free
powerdomains, generated by $D$, with the desired universal properties?

For $P(D)$, $P_{demon}(D)$ and $P_{angel}(D)$, the answer is yes! The easiest way to prove this
existence makes use of some category theory, and will not be given here — but see the bibliography
if you're interested. Usually, this existence of freely generated powerdomains is sufficient to define
the semantics of nondeterministic languages - since once the existence of a free powerdomain is
known, we can make use of its universal properties without really knowing what the powerdomain
looks like in set-theoretic terms — as was done in Section 6.

But, sometimes a more concrete construction of a free powerdomain is needed - or at least
comforting. This section provides such a construction for my favorite powerdomain: $P_{demon}(D)$.

7.1  What  $P_{demon}(D)$  Looks  Like.

Let $D$ be any domain. In order to describe $P_{demon}(D)$, we need some definitions about subsets
of $D$.

Definitions. The upward-closure of a subset $S \subseteq D$ is the set

$S{\uparrow} = \{y \mid \text{there exists some } x \in S \text{ with } x \sqsubseteq y\}$.

A subset $S \subseteq D$ is called upward-closed if $S = S{\uparrow}$. A set $C$ covers another set $S$ provided that
$C{\uparrow} \supseteq S$. A set $S$ is called Scott-compact provided that whenever a set $C$ of isolated elements
covers $S$, then some finite subset of $C$ also covers $S$.


Figure 7.1 Definitions of Upward-Closed and Scott-Compact Sets


Now we can describe $P_{demon}(D)$. The elements of this domain are certain subsets of $D$.
Namely, the elements of $P_{demon}(D)$ are the non-empty, upward-closed, Scott-compact subsets of
$D$. Intuitively, such a subset $S \subseteq D$ is a nondeterministic choice between all of the elements of $S$.
The intuition behind upward-closure comes from the idea of asking demonic questions, as defined in
Section 5. Part of a demonic question is the implicit idea that whenever we are willing to accept an
outcome $x$ from our program, then we should also accept any outcome $y$ with $x \sqsubseteq y$. Hence, it
does no harm to add a possible outcome $y$ to a set of nondeterministic choices which already contains
some lower element $x$. The intuition behind Scott-compactness is essentially that Scott-compact
sets are the kinds of nondeterministic choices that can occur in a program with finitely-branching
nondeterminism (similar to the way that $\bot$ had to be added to each of the infinite sets in
$P(C_\bot)$).

The partial-order on $P_{demon}(D)$ is $S \sqsubseteq T$ iff $S \supseteq T$. Again, this is justified by the idea that
we will use this domain to answer demonic questions, and that a higher location in the semantic
order corresponds to more "yes" answers to demonic questions. The least element in this order is
the set $D$ itself. If $S_0 \sqsubseteq S_1 \sqsubseteq S_2 \sqsubseteq \cdots$ is a chain in $P_{demon}(D)$, then $\bigsqcup_{n=0}^{\infty} S_n$ is the intersection
$\bigcap_{n=0}^{\infty} S_n$.

Exercise 12: Prove that this intersection is indeed a non-empty, upward-closed, Scott-compact
set. Therefore, $P_{demon}(D)$ has least upper-bounds of all chains, and hence is a CPO.

Exercise 13: Let $S$ be a non-empty finite set of isolated elements from $D$. Show that $S{\uparrow}$ is an
element of $P_{demon}(D)$. As a further exercise, show that these elements are isolated in the CPO
$P_{demon}(D)$, and that this CPO is actually a domain with these elements forming the base.

The binary operation or in $P_{demon}(D)$ is union: $S \text{ or } T = S \cup T$. Since
$\bigcap_{n=0}^{\infty} (S_n \cup T) = (\bigcap_{n=0}^{\infty} S_n) \cup T$, this is a continuous operation.

Exercise 14: Prove that $S \cup T$ is non-empty, upward-closed and Scott-compact whenever $S$
and $T$ are. Therefore, this addition operation is well-defined on $P_{demon}(D)$.

7.2  The  Universal  Insertion  Function,  and  Some  Preliminaries 

We want to show that $P_{demon}(D)$ is the free demonic powerdomain generated by $D$, with
some universal insertion function $\eta : D \to P_{demon}(D)$. For this construction, the insertion function
$\eta$ maps each element $x \in D$ to the set $\{x\}{\uparrow} \in P_{demon}(D)$.

Exercise 15: Clearly the set $\eta(x)$ is non-empty and upward-closed for any $x \in D$. Show that
it is Scott-compact. Also show that the function $\eta$ is a domain morphism.

The idea behind a proof that $P_{demon}(D)$ is freely generated by $D$ is this: Intuitively, the sets
of $P_{demon}(D)$ are those sets which can be formed from the upward-closure of singletons - using
only the or-operation (union) and putting in least upper bounds (intersections) whenever chains are
formed. A more formal proof will be aided by the following preliminary definitions and results.

Definition. A subset $S$ of a domain $D$ is called directed provided that any two elements in $S$ have
an upper bound in $S$. That is: whenever $x, y \in S$, then there exists some $z \in S$ with $x \sqsubseteq z$
and $y \sqsubseteq z$. Note that every chain is an example of a directed set.

Exercise 16: Let $S \subseteq D$ be a directed subset of a domain $D$. Prove that $S$ has a least upper-bound
(which we will denote by $\bigsqcup S$). Also prove that every domain morphism preserves the least
upper-bound of every directed set.

Definition. Let $D$ be a domain, $Q$ a demonic ND-domain, and $g : D \to Q$ a domain morphism.
Then for any finite subset $S = \{x_1, \ldots, x_n\} \subseteq D$, define $g(S)$ to be the element
$g(x_1) \text{ or } \cdots \text{ or } g(x_n)$ of $Q$.

Lemma 7.1. Let $D$ be a domain, $Q$ a demonic ND-domain, and $g : D \to Q$ a domain morphism.
Then for any set $T \in P_{demon}(D)$, the set

$\{g(S) \mid S \text{ is a finite set of isolated elements which covers } T\}$

is a directed subset of $Q$.

Proof: Let $U$ be the indicated subset of $Q$, which we must show to be directed. Suppose $S_1$ and $S_2$
are finite sets of isolated elements which cover $T$, so that $g(S_1)$ and $g(S_2)$ are elements of $U$. We
must find another finite set $S$ of isolated elements which covers $T$, and with $g(S)$ an upper bound
for $g(S_1)$ and $g(S_2)$. Before we define this set $S$, we define another set of isolated elements:

$V = \{x \in \mathrm{BASE}_D \mid \text{for some } x_1 \in S_1,\ x_2 \in S_2, \text{ and } t \in T:\ (x_1 \sqsubseteq x) \text{ and } (x_2 \sqsubseteq x) \text{ and } (x \sqsubseteq t)\}$.

It is easy to show that $V$ covers $T$, and since $T$ is Scott-compact there is some finite subset $S \subseteq V$
which also covers $T$. For this $S$, the element $g(S)$ is in $U$, and it is an upper-bound for $g(S_1)$ and
$g(S_2)$. Therefore, $U$ is directed, as required. □

Exercise 17: In the proof of the last lemma, show that $V$ covers $T$.


Lemma 7.2. Every domain morphism between demonic ND-domains is also an ND-domain morphism.

Proof: The proof relies on the fact that in a demonic ND-domain, $x \text{ or } y$ is always the greatest
lower-bound of $x$ and $y$. (It is a lower bound since $x \text{ or } y \sqsubseteq x$ is an axiom in a demonic
ND-domain. It is the greatest lower bound since whenever $z \sqsubseteq x$ and $z \sqsubseteq y$ then also
$z = (z \text{ or } z) \sqsubseteq (x \text{ or } y)$.) But this g.l.b. can also be written as the least upper-bound of the directed
set $\{z \mid z \sqsubseteq x \text{ and } z \sqsubseteq y\}$. (The set is directed since it contains its own upper-bound, namely
$x \text{ or } y$.) Since a domain morphism preserves the least upper-bound of a directed set, it also
preserves the greatest lower-bound of a pair of elements, hence it also preserves the sum of a pair of
elements. □

7.3  The  Proof  that  $P_{demon}(D)$  Is  Free

Let $D$ be a domain. We will show that $P_{demon}(D)$ is generated by $D$ with the insertion
$\eta : D \to P_{demon}(D)$, defined above. To do this, let $Q$ be a demonic ND-domain, and let $g : D \to Q$
be a domain morphism. We must show that there is a unique ND-domain morphism
$\hat{g} : P_{demon}(D) \to Q$ such that $\hat{g}(\eta(x)) = g(x)$ for all $x \in D$, as in this commuting diagram:


Figure  7.2 


With the aid of Lemma 7.1, the definition of $\hat{g}$ is simple:

For any $T \in P_{demon}(D)$: $\hat{g}(T) = \bigsqcup \{g(S) \mid S \text{ is a finite set of isolated elements which covers } T\}$.

Lemma 7.1 is used to guarantee that the set on the right is indeed directed, and hence has a least
upper-bound in $Q$.


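Now we will demonstrate that this definition of $\hat{g}$ meets the properties stated above. The first
property required of $\hat{g}$ is that $\hat{g}(\eta(x)) = g(x)$ for any $x \in D$. This is shown here for any $x \in D$:

$$\begin{aligned}
\hat{g}(\eta(x)) &= \hat{g}(\{x\}{\uparrow}) \\
&= \bigsqcup \{g(S) \mid S \text{ is a finite set of isolated elements which covers } \{x\}{\uparrow}\} \\
&= \bigsqcup \{g(S) \mid S \text{ is a finite set of isolated elements with some } y \in S \text{ and } y \sqsubseteq x\} \\
&= g(x)
\end{aligned}$$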


Exercise 18: Show that $g(x)$ is indeed the least upper-bound indicated above.

Next we must show that $\hat{g}$ is an ND-domain morphism. By Lemma 7.2, every domain morphism
on demonic ND-domains is also an ND-domain morphism, so really we only need to show
that $\hat{g}$ is a domain morphism — i.e., that $\hat{g}$ is strict, monotonic and continuous. Strictness and
monotonicity are easy (try them and see!). For continuity, let $T_0 \sqsubseteq T_1 \sqsubseteq T_2 \sqsubseteq \cdots$ be a chain in
$P_{demon}(D)$. The equality $\hat{g}(\bigsqcup_{n=0}^{\infty} T_n) = \bigsqcup_{n=0}^{\infty} \hat{g}(T_n)$ is shown here:

$$\begin{aligned}
\hat{g}\Big(\bigsqcup_{n=0}^{\infty} T_n\Big) &= \hat{g}\Big(\bigcap_{n=0}^{\infty} T_n\Big) \\
&= \bigsqcup \Big\{g(S) \;\Big|\; S \text{ is a finite set of isolated elements which covers } \bigcap_{n=0}^{\infty} T_n\Big\} \\
&= \bigsqcup \{g(S) \mid S \text{ is a finite set of isolated elements which covers some } T_n\} \\
&= \bigsqcup_{n=0}^{\infty} \bigsqcup \{g(S) \mid S \text{ is a finite set of isolated elements which covers } T_n\} \\
&= \bigsqcup_{n=0}^{\infty} \hat{g}(T_n)
\end{aligned}$$

Exercise 19: Demonstrate in detail the above equalities. Hint: the second equality uses the fact that
whenever $S$ is a finite set of isolated elements from $D$, then $S{\uparrow}$ is an isolated element in
$P_{demon}(D)$.

So, we have shown that $\hat{g}$ is an ND-domain morphism which makes the triangle in Figure 7.2
commute. To finish the free construction proof, we only need to show that it is the only ND-domain
morphism with this property. For this purpose, let $h : P_{demon}(D) \to Q$ be an ND-domain morphism
with $h(\eta(x)) = g(x)$ for all $x \in D$. We need to show that $\hat{g}$ and $h$ are identical. It is
sufficient to show that $\hat{g}$ and $h$ are identical when applied to isolated elements of $P_{demon}(D)$. As
stated above, an isolated element of $P_{demon}(D)$ has the form $S{\uparrow}$ where $S$ is a non-empty finite subset
of isolated elements from $D$. If $S = \{s_1, \ldots, s_n\}$, then $S{\uparrow}$ can also be written as
$\eta(s_1) \text{ or } \cdots \text{ or } \eta(s_n)$. Hence we have these equalities:

$$\begin{aligned}
\hat{g}(S{\uparrow}) &= \hat{g}(\eta(s_1) \text{ or } \cdots \text{ or } \eta(s_n)) \\
&= \hat{g}(\eta(s_1)) \text{ or } \cdots \text{ or } \hat{g}(\eta(s_n)) \\
&= g(s_1) \text{ or } \cdots \text{ or } g(s_n) \\
&= h(\eta(s_1)) \text{ or } \cdots \text{ or } h(\eta(s_n)) \\
&= h(\eta(s_1) \text{ or } \cdots \text{ or } \eta(s_n)) \\
&= h(S{\uparrow})
\end{aligned}$$
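
The construction of Sections 7.1 to 7.3 can be carried out by brute force on a finite domain that is not flat. The Python below is an added example, not from the paper: the five-element domain `D`, the chain `Q` with or taken as min, the map `G` and all function names are constructed for the illustration. It relies on the fact that in a finite domain every element is isolated and every subset is Scott-compact.

```python
from itertools import combinations, product

# Constructed finite domain D:  bot < a < c,  a < d,  bot < b < c.
D = ["bot", "a", "b", "c", "d"]
COVERS = [("bot", "a"), ("bot", "b"), ("a", "c"), ("b", "c"), ("a", "d")]

# Constructed demonic ND-domain Q: the chain 0 < 1 < 2 < 3 with or = min,
# so that (x or y) is below x. Least upper bounds in a chain are maxima.
Q = [0, 1, 2, 3]
G = {"bot": 0, "a": 1, "b": 2, "c": 3, "d": 2}   # strict, monotonic g : D -> Q


def order():
    """Reflexive, transitive closure of the covering pairs."""
    rel = {(x, x) for x in D} | set(COVERS)
    while True:
        new = {(x, z) for (x, y) in rel for (w, z) in rel if y == w}
        if new <= rel:
            return rel
        rel |= new


LEQ = order()


def up(s):
    """Upward-closure of s."""
    return frozenset(y for y in D if any((x, y) in LEQ for x in s))


def nonempty_subsets(xs):
    return [frozenset(c) for r in range(1, len(xs) + 1)
            for c in combinations(xs, r)]


def eta(x):
    """The insertion: x goes to the upward-closure of {x}."""
    return up([x])


# Elements of P_demon(D): the non-empty upward-closed subsets of D.
P_DEMON = {up(s) for s in nonempty_subsets(D)}


def g_of(s):
    """g(S) = g(x1) or ... or g(xn) for a finite set S."""
    return min(G[x] for x in s)


def g_hat(t):
    """lub of { g(S) | S is a finite set of isolated elements which covers T }."""
    return max(g_of(s) for s in nonempty_subsets(D) if up(s) >= t)


def triangle_commutes():
    return all(g_hat(eta(x)) == G[x] for x in D)


def or_preserving():
    return all(g_hat(s | t) == min(g_hat(s), g_hat(t))
               for s in P_DEMON for t in P_DEMON)


def count_extensions():
    """Number of or-preserving maps h : P_demon(D) -> Q with h(eta(x)) = g(x)."""
    fixed = {eta(x): G[x] for x in D}
    free = [t for t in P_DEMON if t not in fixed]
    count = 0
    for values in product(Q, repeat=len(free)):
        h = {**fixed, **dict(zip(free, values))}
        if all(h[s | t] == min(h[s], h[t]) for s in P_DEMON for t in P_DEMON):
            count += 1
    return count


if __name__ == "__main__":
    print(len(P_DEMON), triangle_commutes(), or_preserving(), count_extensions())
```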

7.4  Constructions  of  $P(D)$  and  $P_{angel}(D)$

The powerdomains $P(D)$ and $P_{angel}(D)$ also have constructive characterizations similar to
the one given here for the demonic powerdomain. Here's what these characterizations are:

For any subset $S \subseteq D$, the ^-closure of $S$, written CLOSURE($S$), is the set:

$\{x \in D \mid \text{for any isolated } y \text{ with } y \sqsubseteq x \text{ there exists } z \in S \text{ with } y \sqsubseteq z\}$

The powerdomain $P_{angel}(D)$ consists of those non-empty subsets of $D$ with
$S = \mathrm{CLOSURE}(S)$. The order is defined by $S \sqsubseteq T$ if and only if $S \subseteq T$, and the insertion
$\eta : D \to P_{angel}(D)$ maps $x \in D$ to CLOSURE($\{x\}$). The binary or-operation is union.


Figure  7.3  Characterization  of  the  Free  Angelic  Powerdomain 


$P(D)$ consists of those non-empty subsets of $D$ with $S = S{\uparrow} \cap \mathrm{CLOSURE}(S)$. The order is the
Egli-Milner order, and the insertion $\eta : D \to P(D)$ maps $x \in D$ to $\{x\}{\uparrow} \cap \mathrm{CLOSURE}(\{x\})$.
The binary or-operation is union.

Figure  7.4  Characterization  of  the  Free  Powerdomain 

These  characterizations  are  taken  from  Gordon  Plotkin’s  postgraduate  notes.  See  the  historical 
bibliography  for  details. 


8.  Other  Powerdomains 


A powerdomain is a domain together with extra structure for handling nondeterminism. In
$P(D)$, this structure is a binary operation or which is associative, commutative, idempotent, and
continuous. For demonic and angelic powerdomains, the same kind of operation is used, but with
additional constraints.

These three powerdomains have not exhausted the possible structures for handling nondeterminism.
For example, Kozen, Saheb-Djahromi and Graham have all proposed probabilistic structures
that can be placed on top of a domain. David Benson and I have suggested the algebraic structure
of a semiring-module for describing certain kinds of nondeterminism. At a recent talk at the
Workshop on Mathematical Semantics of Programming, Gordon Plotkin suggested an algebraic
structure containing several operations including nondeterministic choice and parallel composition.

The  basic  idea  of  a  universal  or  free  construction  should  be  applicable  to  all  these  suggested 
structures.  In  each  of  these  cases,  we  should  be  looking  for  a  way  to  take  a  domain  D  and  embed  it 
in  another  domain  which  has  additional  algebraic  structure.  Let’s  call  this  latter  domain  a  structured 
domain. So, what we are looking for is a structured domain $S(D)$, together with a domain morphism
$\eta : D \to S(D)$. As usual, we want $\eta$ to be universal so that if $Q$ is another structured domain and
$g : D \to Q$ is a domain morphism, then there exists a unique structure-preserving domain morphism
$\hat{g} : S(D) \to Q$ such that $\hat{g} \circ \eta = g$.

Several  papers  in  the  historical  bibliography  show  conditions  under  which  the  existence  of  such 
free  structured  domains  is  guaranteed. 


9.  Historical  Bibliography 

A.  Origins.  The  problem  of  defining  domains  of  nondeterministic  values  has  its  origin  in  R. 
Milner’s  research  on  denotational  semantics  of  nondeterministic  and  parallel  programs  [A.1,A.2]. 
He  proposed  a  solution  for  flat  domains,  which  was  also  proposed  by  H.  Egli  in  unpublished  notes. 
G.  Plotkin  extended  Milner’s  proposal  to  a  class  of  domains  which  he  called  SFP  —  although  the 
construction  was  not  characterized  as  a  universal  construction  in  his  original  paper  [A.3].  M.  Smyth 
refined Plotkin’s construction — characterizing it in terms of a completion by ideals of a pre-domain
[A.4]. Smyth also defined the demonic powerdomain construction — which he called the "weak"
powerdomain, and others have sometimes called the Smyth powerdomain. Smyth later recognized
the angelic powerdomain as the dual to the demonic powerdomain, and connected all three powerdomains
to topological constructions proposed by Vietoris in the 1920’s [A.5]. The view which I’ve
presented — powerdomains as freely generated ND-domains — came from Plotkin’s postgraduate
notes and a paper of Plotkin and M. Hennessy [A.6,A.7]. They also used the term Hoare powerdomain
for the angelic powerdomain — because of a connection of the angelic powerdomain with
Hoare’s partial correctness logic for nondeterministic programs. D. Schmidt’s text on Denotational
Semantics also has a chapter presenting these constructions [A.8].

[A.6]

G. Plotkin, Computer Science Postgraduate Notes, University of Edinburgh, 1980-81.

[A.7] 

M. Hennessy and G. Plotkin, Full abstraction of a simple parallel programming language, In:
Mathematical Foundations of Computer Science ’79, Lecture Notes in Computer Science 74,

B. Characterizations of Powerdomains. Apart from Smyth’s topological characterization of
powerdomains, and the Plotkin/Hennessy view as a universal construction, there have been several
other views of powerdomains. S. Abramsky constructed the powerdomains as capturing the
discriminations that can be made by different kinds of finite experiments on nondeterministic programs
[B.1]. G. Winskel defined the powerdomains in terms of statements in a modal logic [B.2].
In fact, these two papers — presented at the same conference — are the origin for the demonic questions
and angelic questions which I used as motivation in Section 5. For a special kind of domain
(called consistently complete) a topological characterization in terms of the Lawson topology of a
domain has been given by M. Mislove [B.3].

[B.1]

S. Abramsky, Experiments, powerdomains and fully abstract models for applicative multiprogramming,
In: Foundations of Computation Theory, Lecture Notes in Computer Science 158,
Springer-Verlag, Berlin (1983), 1-13.

[B.3]

M. Mislove, On the Smyth powerdomain, In: Third Workshop on the Mathematical Foundations
of Programming Language Semantics, Springer-Verlag, Berlin (1987), to appear.

C. Alternative Algebraic Structures. Here are some of the alternative algebraic structures that have
been proposed for handling nondeterminism in a domain.

gramming, 9th Colloquium, Lecture Notes in Computer Science 140, Springer-Verlag, Berlin
(1982),  418-428. 

[C.7] 

N.  Saheb-Djahromi,  CPO’s  of  measures  for  nondeterminism,  Theoretical  Computer  Science  12 
(1980),  19-37. 


